About this list Date view Thread view Subject view Author view Attachment view

From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Mon 09 Dec 2002 - 15:03:10 GMT


  vserver 0.22
  Change log

  1. Enhancements

  1.1. kernel 2.4.19ctx-15

  A new kernel patch is available. It tool some time to achieve/debug
  (another tcp_tw_bucket issue, like ctx-9). Here are the features:

  + When sending an UDP request, the ipv4root is used as the source IP.
     Prior to ctx-15, an IP of the host server was used, so the reply
     was never getting back. ypbind in broadcast mode was failing
     because of that.

  + Bind(any) with multiple IPs. This was not working previously. You
     had to setup one listening socket per IP. Now, the default
     operation mode of most IP services, does what you expect: It
     receives any request coming to one of the IPs of the vserver.

  + Bind(any) and netstat: When performing a bind(any), it will show
     this way in netstat. Cool. there is one little catch. If you
     perform a netstat in the root server using the security context 1
     (so you can see sockets of all vservers), you will see potentially
     several sockets bound to the same port using the 0.0.0.0 address.

     How confusing...

     This is normal. Unless two vserver are sharing some IPs, they are
     allowed to do a bind(0.0.0.0) on the same port and it will show
     this way. So this is a little strange in the root server, but
     perfectly ok in the vserver.

  + A small optimization with bind(any) and a single IP. The previous
     semantic was to map a bind(any) to the first IP of the vserver
     (ipv4root). This semantic was kept as an optimization in the kernel
     in the case where a vserver has a single IP. This is the common
     case.

     This optimization may go away, maybe, when we will attack the per
     vserver private network loopback. Depending on the solution
     selected, the common case may become two IPs per vserver (the
     loopback and the main IP).

  I have not done any benchmark with the new bind(any) stuff. It might
  be a little slower. Potentially not visible. Comments welcome.

  1.2. newvserver: Excluded directories

  When building a new vserver out of another, you can exclude few
  directories. Only the directory structure will be copied. By default,
  newvserver exclude /var/log, /var/run and /var/spool/mail.

  There is a TAB in the form to enter up to 4 directories to exclude.

  1.3. newvserver: sshd cleanup

  When cloning a vserver, you may want to reset the sshd private keys so
  new ones are generated. A check-box is now provided to handle that. It
  is on by default.

  This avoids having all your vserver ending with the same sshd private
  keys...

  1.4. Per IP netmask

  The IPROOT entry in the vserver configuration file now support one
  netmask per entry. The complete syntax is

       IPROOT="[device:]ip[/netmask] ..."

  where stuff in square bracket is optional.

  1.5. server run-level

  A vserver does not use its own init process unless fakeinit is used.
  Normally /sbin/init writes into /var/run/utmp to record the current
  run-level and some tools are using that.

  Now even if you are not using fakeinit, /var/run/utmp is properly
  initialized with the proper runlevel (as found in /etc/inittab).

  1.6. vbuild: new --excldir option

  When using vbuild to clone a vserver, you can use the --excldir option
  repeatedly to exclude some files. The directory structure is
  duplicated, but no file is copied. This is used by newvserver.

  1.7. vrpm: No unification is /var/log

  When using the --unify, the /var/log directory is excluded. Some
  packages are owning files there and are not tagged as configuration
  file (which is fair). Unifying those files is creating problems.

  This problem was specific to /var/log (and everything under) as far as
  I can see, so this is hard-coded in the vrpm script.

  1.8. vserver profiles

  It is sometime useful to operate a vserver with some settings and then
  operate it with different settings. A setting is called a profile and
  covers the S_HOSTNAME, IPROOT and IPROOTDEV.

  There are two ways to select a profile:

  + Edit the configuration file and insert PROFILE=somename

  + PROFILE=somename vserver XX start

  Once you have started a vserver with a given profile, it is stored in
  the /var/run/vserver/XX.ctx file, so you can enter and stop the
  vserver using the active profile, even if you have changed the profile
  value in the configuration file.

  The newvserver tool has been modified so you can immediately enter the
  second profile value. By default, one profile is called prod and the
  other is called backup.

  vservers may be used as a fail-over strategy where whole servers may
  be switched on and off on the fly. Now one may use some
  synchronization tool (rsync ?) to make sure the backup is up to date.
  Sometime, it is not enough and you wish to maintain the backup in sync
  with the production vserver in real-time or almost. To perform that,
  you need to enable the backup server, but you can't do that unless you
  provide different network setting (avoid having two vserver running
  with the same IP). So the profile concept was introduced.

  When starting a vserver using a given profile, the environment
  variable PROFILE is defined so you can perform various action such as
  exchanging key configuration file, starting services differently and
  so on.

  Linuxconf users may want to enable the switchprofile pseudo service
  (available lately) to switch between different configuration file set.

  1.9. vserver: empty IPROOT

  When a vserver must run with the same IP as the root server, the trick
  was to set IPROOT=0.0.0.0. Now setting an empty IPROOT is equivalent
  (and more intuitive).

  2. Bug fixes

  2.1. vserver: setting resources when using enter or exec

  The vserver was not setting the ulimit resources when performing an
  "enter" or "exec" command. Fixed!

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 13 Dec 2002 - 03:49:14 GMT by hypermail 2.1.3